Method and System for Validating a Computer System

1. A method of operating a computer system comprising: setting a detection bit to a first state in response to beginning execution of an integrity check program at a pre-determined entry point in said integrity check program, wherein said integrity check program is operable to validate dynamic data structures of an operating system; detecting a pre-determined event occurring during said execution of said integrity check program; setting said detection bit to a second state in response to said detecting said pre-determined event; and re-setting a timer if said detection bit is in said first state upon exiting said integrity check program at a pre-determined exit point in said integrity check program.

2. The method as in claim 1 further comprising: authenticating said integrity check program between said beginning execution and said exiting said integrity check program.

3. The method as in claim 2 , wherein said pre-determined event comprises said authenticating said integrity check program indicating authentication failure.

4. The method as in claim 1 , wherein said pre-determined event comprises an exception.

5. The method as in claim 1 , wherein said pre-determined event comprises execution of said integrity check program being interrupted.

6. The method as in claim 1 , wherein said pre-determined event comprises said execution of said integrity check program branching outside said integrity check program.

7. The method as in claim 1 , wherein said pre-determined event comprises a write to a pre-determined region of memory.

8. The method as in claim 7 , wherein said pre-determined region of memory comprises said integrity check program.

9. The method as in claim 7 , wherein said pre-determined region of memory comprises data structures associated with said operating system.

10. The method as in claim 1 further comprising: determining that a write has occurred to a pre-determined region of memory; determining whether said write is trusted; and setting said detection bit to said second state if said write is not trusted.

11. The method as in claim 1 further comprising: forcing DMA-capable devices to dismiss prior pending memory writes upon said beginning execution of said integrity check program.

12. A computer system comprising: a secure timer; security logic coupled to said secure timer and operable to determine successful execution of an integrity check program for validating dynamic data structures of an operating system, wherein said security logic is further operable to reset said secure timer if said integrity check program completes successfully, wherein said security logic is further operable to respond to a proper invocation of said integrity check program by setting a security bit to a first state, wherein said proper invocation comprises beginning execution of said integrity check program at a pre-defined entry point, and wherein said security logic is further operable to set said security bit to a second state responsive to determination of unsuccessful execution of said integrity check program; and a memory unit for storing said security bit.

13. The computer system as recited in claim 12 , wherein said security logic is further operable to detect a pre-determined event during execution of said integrity check program, and wherein said security logic is operable to determine successful execution based thereon.

14. The computer system as recited in claim 13 , wherein said pre-determined event comprises an interrupt.

15. The computer system as recited in claim 13 , wherein said pre-determined event comprises an exception.

16. The computer system as recited in claim 13 , wherein said pre-determined event comprises a write to said integrity check program.

17. The computer system as recited in claim 13 , wherein said pre-determined event comprises a write by an agent other than said integrity check program.

18. The computer system as recited in claim 12 further comprising: a one-time programmable memory unit for storing an integrity check value to authenticate said integrity check program.

19. The computer system as recited in claim 18 wherein said security logic is further operable to authenticate said integrity check program with said integrity check value.

20. The computer system as recited in claim 12 wherein said security logic is further operable to reset said secure timer if said security bit is in said first state.

21. The computer system as recited in claim 12 wherein a period of said secure timer is establishable once per boot of said computer system.

22. The computer system as recited in claim 12 wherein said operating system comprises said integrity check program.

23. The computer system as recited in claim 12 wherein said operating system is operable to quasi-periodically invoke said integrity check program within a time interval defined by said secure timer.

24. The computer system as recited in claim 12 wherein said operating system is operable to enforce a rule that prevents interruption of said integrity check program.

25. The computer system as recited in claim 12 wherein said operating system is operable to enforce a rule that no exception is raised during execution of said integrity check program.

26. The computer system as recited in claim 12 wherein said operating system is operable to enforce a rule that DMA-capable are not allowed to have pending writes when the operating system invokes the integrity check program.

27. The computer system as recited in claim 12 , further comprising: a plurality of processors, wherein during execution of said integrity check program any of said plurality of processors that is not executing said integrity check program is halted.

28. A computer system comprising: a processor and a memory, wherein said memory includes instructions that when executed by said processor implement a method of secure operation of said computer system, said method comprising: setting a detection bit to a first state in response to beginning execution of an integrity check program at a pre-determined entry point in said integrity check program, wherein said integrity check program is operable to validate dynamic data structures of an operating system; detecting a pre-determined event occurring during said execution of said integrity check program; setting said detection bit to a second state in response to said detecting said pre-determined event; and re-setting a timer only if said detection bit is in said first state upon exiting said integrity check program at a pre-determined exit point in said integrity check program.

29. The computer system as in claim 28 , wherein said method further comprises: authenticating said integrity check program between said beginning execution and said exiting said integrity check program.

30. The computer system as in claim 29 , wherein said pre-determined event comprises said authenticating said integrity check program indicating authentication failure.

31. The computer system as in claim 28 , wherein said pre-determined event comprises an exception.

32. The computer system as in claim 28 , wherein said pre-determined event comprises execution of said integrity check program being interrupted.

33. The computer system as in claim 28 , wherein said pre-determined event comprises said execution of said integrity check program branching outside said integrity check program.

34. The computer system as in claim 28 , wherein said pre-determined event comprises a write to a pre-determined region of memory.

35. The computer system as in claim 34 , wherein said pre-determined region of memory comprises said integrity check program.

36. The computer system as in claim 34 , wherein said pre-determined determined region of memory comprises data structures associated with said operating system.

37. The computer system as in claim 28 , wherein said method further comprises: determining that a write has occurred to a pre-determined region of memory; determining whether said write is trusted; and setting said detection bit to said second state if said write is not trusted.

38. The computer system as in claim 28 , wherein said method further comprises: forcing DMA-capable devices to dismiss prior pending memory writes upon said beginning execution of said integrity check program.

39. A computer system comprising: means for setting a detection bit to a first state in response to beginning execution of an integrity check program at a pre-determined entry point in said integrity check program, wherein said integrity check program is operable to validate dynamic data structures of an operating system; means for detecting a pre-determined event occurring during said execution of said integrity check program; means for setting said detection bit to a second state in response to said detecting said pre-determined event; means for re-setting a timer if said detection bit is in said first state upon exiting said integrity check program at a pre-determined exit point in said integrity check program; and means for storing said detection bit.

40. The computer system as in claim 39 further comprising: means for authenticating said integrity check program between said beginning execution and said exiting said integrity check program.

41. The computer system as in claim 40 , wherein said pre-determined event comprises authenticating said integrity check program indicating authentication failure.

42. The computer system as in claim 39 , wherein said pre-determined event comprises an exception.

43. The computer system as in claim 39 , wherein said pre-determined event comprises execution of said integrity check program being interrupted.

44. The computer system as in claim 39 , wherein said pre-determined event comprises execution of said integrity check program branching outside said integrity check program.

45. The computer system as in claim 39 , wherein said pre-determined event comprises a write to a pre-determined region of memory.

46. The computer system as in claim 45 , wherein said pre-determined region of memory comprises said integrity check program.

47. The computer system as in claim 45 , wherein said pre-determined region of memory comprises data structures associated with said operating system.

48. The computer system as in claim 39 further comprising: means for determining that a write has occurred to a pre-determined region of memory; means for determining whether said write is trusted; and means for setting said detection bit to said second state if said write is not trusted.

49. The computer system as in claim 39 further comprising: means for forcing DMA-capable devices to dismiss prior pending memory writes upon said beginning execution of said integrity check program.